List: inet-access
Subject: Re: Cisco AS5300 support list? (and a question)
From: Andrew R Frame <aframe () employees ! org>
Date: 1999-04-30 16:20:19
You aren't doing aaa authorization through radius. Take out the
if-authenticated in your aaa authorization network command. It is saying if
the user is authenticated then don't authorize.
latah,
-andrew
On Fri, 30 Apr 1999, Richard Archer wrote:
> Hi All,
>
> Is there a Cisco AS5300 support list anywhere?
> The old as5200@WWA.COM seems to have died.
>
>
> I'm having a problem setting up my first AS5300.
> It seems that if the client machine is configured to request a specific
> IP address via PPP's IPCP negotiation, this address overrides the AS5300's
> ip address pool values and the RADIUS values.
>
> The result is that the client gets allocated any address they choose!
> Is there a way to tell the AS5300 to ignore the IPCP address request?
>
> I have attached huge chunks of my config, and some debugging data.
> Sorry about the long message, but too much information is rarely enough.
>
> In the debug output, note log line 645 - RADIUS is allocating the correct
> IP Address. Then at line 673, the AS5300 knows the correct address.
> But then at line 674, the AS5300 assigns the client's requested address!
>
> Note that if the client is configured with an IP address 0.0.0.0, the
> correct address is negotiated (log line 917).
>
> Any help would be much appreciated!
>
> ...Richard.
>
>
>
> My config:
>
> version 11.3
> ! ...
> aaa new-model
> aaa authentication login default local
> aaa authentication ppp default radius
> no aaa authorization config-commands
> aaa authorization exec default local radius
> aaa authorization network default if-authenticated radius none
> aaa accounting update newinfo
> aaa accounting network default wait-start radius
> ! ...
> modem country mica australia
> ! ...
> controller E1 0
> framing CRC4 Australia
> clock source line primary
> pri-group timeslots 1-31
> ! ...
> interface Serial0:15
> description ISDN D-channel
> ip unnumbered FastEthernet0
> ip tcp header-compression passive
> encapsulation ppp
> no ip route-cache
> dialer-group 1
> isdn switch-type primary-net5
> isdn incoming-voice modem
> peer default ip address pool dialup
> no fair-queue
> no cdp enable
> ppp authentication chap pap
> ppp multilink
> !
> interface FastEthernet0
> ip address 203.17.167.3 255.255.255.0
> no ip directed-broadcast
> !
> interface Group-Async1
> ip unnumbered FastEthernet0
> no ip directed-broadcast
> ip tcp header-compression passive
> encapsulation ppp
> no ip route-cache
> no ip mroute-cache
> async mode interactive
> peer default ip address pool dialup
> no fair-queue
> no cdp enable
> ppp max-bad-auth 3
> ppp authentication chap pap
> ppp multilink
> group-range 1 120
> !
> ip local pool dialup 203.17.167.151 203.17.167.180
> ip classless
> ip route 0.0.0.0 0.0.0.0 203.17.167.1
> ! ...
> dialer-list 1 protocol ip permit
> radius-server host 203.17.167.4 auth-port 1645 acct-port 1646
> radius-server timeout 3
> radius-server key xxx
> radius-server vsa send accounting
>
>
>
>
> 626: As4 LCP: State is Open
> 627: As4 PPP: Phase is AUTHENTICATING, by this end
> 628: As4 PAP: I AUTH-REQ id 1 len 18 from "vince"
> 629: As4 PAP: Authenticating peer vince
> 630: RADIUS: ustruct sharecount=1
> 631: RADIUS: Initial Transmit id 13 203.17.167.4:1645, Access-Request, len 96
> 632: Attribute 4 6 CB11A703
> 633: Attribute 5 6 00000004
> 634: Attribute 61 6 00000000
> 635: Attribute 1 7 76696E63
> 636: Attribute 30 10 39363937
> 637: Attribute 31 11 33393638
> 638: Attribute 2 18 7C10BF77
> 639: Attribute 6 6 00000002
> 640: Attribute 7 6 00000001
> 641: RADIUS: Received from id 13 203.17.167.4:1645, Access-Accept, len 55
> 642: Attribute 4 6 CB11A703
> 643: Attribute 221 5 6D656C06
> 644: Attribute 6 6 00000002
> 645: Attribute 8 6 CB11A79A
> 646: Attribute 12 6 000005DC
> 647: Attribute 13 6 00000001
> 648: RADIUS: saved authorization data for user 60999D9C at 60BD6BB0
> 649: As4 PAP: O AUTH-ACK id 1 len 5
> 650: As4 PPP: Phase is UP
> 651: As4 IPCP: O CONFREQ [Closed] id 1 len 16
> 652: As4 IPCP: CompressType VJ 15 slots (0x0206002D0F00)
> 653: As4 IPCP: Address 203.17.167.3 (0x0306CB11A703)
> 654: RADIUS: ustruct sharecount=3
> 655: RADIUS: added cisco VSA 2 len 6 "Async4"
> 656: RADIUS: Initial Transmit id 14 203.17.167.4:1646, Accounting-Request, len 120
> 657: Attribute 4 6 CB11A703
> 658: Attribute 5 6 00000004
> 659: Attribute 26 14 0000000902084173
> 660: Attribute 61 6 00000000
> 661: Attribute 1 7 76696E63
> 662: Attribute 30 10 39363937
> 663: Attribute 31 11 33393638
> 664: Attribute 40 6 00000001
> 665: Attribute 45 6 00000001
> 666: Attribute 6 6 00000002
> 667: Attribute 44 10 30303030
> 668: Attribute 7 6 00000001
> 669: Attribute 41 6 00000000
> 670: As4 IPCP: I CONFREQ [REQsent] id 1 len 16
> 671: As4 IPCP: CompressType VJ 15 slots CompressSlotID (0x0206002D0F01)
> 672: As4 IPCP: Address 203.17.167.131 (0x0306CB11A783)
> 673: AAA/AUTHOR/IPCP As4: Start. Her address 203.17.167.131, we want 203.17.167.154
> 674: set_ip_peer_addr: As4: address = 203.17.167.131 (4)
> 675: ip_free_pool: As4: address = 203.17.167.154 (2)
> 676: AAA/AUTHOR/IPCP As4: Done. Her address 203.17.167.131, we want 203.17.167.131
> 677: As4 IPCP: O CONFACK [REQsent] id 1 len 16
> 678: As4 IPCP: CompressType VJ 15 slots CompressSlotID (0x0206002D0F01)
> 679: As4 IPCP: Address 203.17.167.131 (0x0306CB11A783)
> 680: As4 IPCP: I CONFACK [ACKsent] id 1 len 16
> 681: As4 IPCP: CompressType VJ 15 slots (0x0206002D0F00)
> 682: As4 IPCP: Address 203.17.167.3 (0x0306CB11A703)
> 683: As4 IPCP: State is Open
> 684: RADIUS: ustruct sharecount=4
> 685: RADIUS: added cisco VSA 2 len 6 "Async4"
> 686: As4 IPCP: Remove route to 203.17.167.154
> 687: RADIUS: Initial Transmit id 15 203.17.167.4:1646, Accounting-Request, len 126
> 688: Attribute 4 6 CB11A703
> 689: Attribute 5 6 00000004
> 690: Attribute 26 14 0000000902084173
> 691: Attribute 61 6 00000000
> 692: Attribute 1 7 76696E63
> 693: Attribute 30 10 39363937
> 694: Attribute 31 11 33393638
> 695: Attribute 40 6 00000003
> 696: Attribute 45 6 00000001
> 697: Attribute 6 6 00000002
> 698: Attribute 44 10 30303030
> 699: Attribute 7 6 00000001
> 700: Attribute 8 6 CB11A783
> 701: Attribute 41 6 00000000
> 702: As4 IPCP: Install route to 203.17.167.131
> 703: RADIUS: Received from id 14 203.17.167.4:1646, Accounting-response, len 20
> 704: RADIUS: Received from id 15 203.17.167.4:1646, Accounting-response, len 20
> 705: %LINEPROTO-5-UPDOWN: Line protocol on Interface Async4, changed state to up
>
>
> 868: As5 LCP: State is Open
> 869: As5 PPP: Phase is AUTHENTICATING, by this end
> 870: As5 PAP: I AUTH-REQ id 1 len 18 from "vince"
> 871: As5 PAP: Authenticating peer vince
> 872: RADIUS: ustruct sharecount=1
> 873: RADIUS: Initial Transmit id 17 203.17.167.4:1645, Access-Request, len 96
> 874: Attribute 4 6 CB11A703
> 875: Attribute 5 6 00000005
> 876: Attribute 61 6 00000000
> 877: Attribute 1 7 76696E63
> 878: Attribute 30 10 39363937
> 879: Attribute 31 11 33393638
> 880: Attribute 2 18 0775C417
> 881: Attribute 6 6 00000002
> 882: Attribute 7 6 00000001
> 883: RADIUS: Received from id 17 203.17.167.4:1645, Access-Accept, len 55
> 884: Attribute 4 6 CB11A703
> 885: Attribute 221 5 6D656C06
> 886: Attribute 6 6 00000002
> 887: Attribute 8 6 CB11A79B
> 888: Attribute 12 6 000005DC
> 889: Attribute 13 6 00000001
> 890: RADIUS: saved authorization data for user 60917C44 at 60B70C90
> 891: As5 PAP: O AUTH-ACK id 1 len 5
> 892: As5 PPP: Phase is UP
> 893: As5 IPCP: O CONFREQ [Closed] id 1 len 16
> 894: As5 IPCP: CompressType VJ 15 slots (0x0206002D0F00)
> 895: As5 IPCP: Address 203.17.167.3 (0x0306CB11A703)
> 896: RADIUS: ustruct sharecount=3
> 897: RADIUS: added cisco VSA 2 len 6 "Async5"
> 898: RADIUS: Initial Transmit id 18 203.17.167.4:1646, Accounting-Request, len 120
> 899: Attribute 4 6 CB11A703
> 900: Attribute 5 6 00000005
> 901: Attribute 26 14 0000000902084173
> 902: Attribute 61 6 00000000
> 903: Attribute 1 7 76696E63
> 904: Attribute 30 10 39363937
> 905: Attribute 31 11 33393638
> 906: Attribute 40 6 00000001
> 907: Attribute 45 6 00000001
> 908: Attribute 6 6 00000002
> 909: Attribute 44 10 30303030
> 910: Attribute 7 6 00000001
> 911: Attribute 41 6 00000000
> 912: RADIUS: Received from id 18 203.17.167.4:1646, Accounting-response, len 20
> 913: As5 IPCP: I CONFREQ [REQsent] id 1 len 16
> 914: As5 IPCP: CompressType VJ 15 slots CompressSlotID (0x0206002D0F01)
> 915: As5 IPCP: Address 0.0.0.0 (0x030600000000)
> 916: AAA/AUTHOR/IPCP As5: Start. Her address 0.0.0.0, we want 203.17.167.155
> 917: AAA/AUTHOR/IPCP As5: Done. Her address 0.0.0.0, we want 203.17.167.155
> 918: As5 IPCP: O CONFNAK [REQsent] id 1 len 10
> 919: As5 IPCP: Address 203.17.167.155 (0x0306CB11A79B)
> 920: As5 IPCP: I CONFACK [REQsent] id 1 len 16
> 921: As5 IPCP: CompressType VJ 15 slots (0x0206002D0F00)
> 922: As5 IPCP: Address 203.17.167.3 (0x0306CB11A703)
> 923: As5 IPCP: I CONFREQ [ACKrcvd] id 2 len 16
> 924: As5 IPCP: CompressType VJ 15 slots CompressSlotID (0x0206002D0F01)
> 925: As5 IPCP: Address 203.17.167.155 (0x0306CB11A79B)
> 926: AAA/AUTHOR/IPCP As5: Start. Her address 203.17.167.155, we want 203.17.167.155
> 927: set_ip_peer_addr: As5: address = 203.17.167.155 (4) is redundant
> 928: AAA/AUTHOR/IPCP As5: Done. Her address 203.17.167.155, we want 203.17.167.155
> 929: As5 IPCP: O CONFACK [ACKrcvd] id 2 len 16
> 930: As5 IPCP: CompressType VJ 15 slots CompressSlotID (0x0206002D0F01)
> 931: As5 IPCP: Address 203.17.167.155 (0x0306CB11A79B)
> 932: As5 IPCP: State is Open
> 933: RADIUS: ustruct sharecount=3
> 934: RADIUS: added cisco VSA 2 len 6 "Async5"
> 935: RADIUS: Initial Transmit id 19 203.17.167.4:1646, Accounting-Request, len 126
> 936: Attribute 4 6 CB11A703
> 937: Attribute 5 6 00000005
> 938: Attribute 26 14 0000000902084173
> 939: Attribute 61 6 00000000
> 940: Attribute 1 7 76696E63
> 941: Attribute 30 10 39363937
> 942: Attribute 31 11 33393638
> 943: Attribute 40 6 00000003
> 944: Attribute 45 6 00000001
> 945: Attribute 6 6 00000002
> 946: Attribute 44 10 30303030
> 947: Attribute 7 6 00000001
> 948: Attribute 8 6 CB11A79B
> 949: Attribute 41 6 00000000
> 950: As5 IPCP: Install route to 203.17.167.155
> 951: RADIUS: Received from id 19 203.17.167.4:1646, Accounting-response, len 20
> 952: %LINEPROTO-5-UPDOWN: Line protocol on Interface Async5, changed state to up
>
>
> -
> Send 'unsubscribe' in the body to 'list-request@inet-access.net' to leave.
> Eat sushi frequently. inet@inet-access.net is the human contact address.
>
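A check for the symptom discussed in this thread, as an added example that is not from either poster: it reads `debug` output in the format quoted above and reports every session where the peer address the access server installed differs from the Framed-IP-Address (RADIUS attribute 8) returned in the Access-Accept. It assumes sessions are not interleaved in the log, since the Access-Accept lines carry no interface name; `find_overrides` is a hypothetical helper name.

```python
import ipaddress
import re

# Lines excerpted from the debug output quoted above (original log numbers kept).
SAMPLE = """\
641: RADIUS: Received from id 13 203.17.167.4:1645, Access-Accept, len 55
645: Attribute 8 6 CB11A79A
674: set_ip_peer_addr: As4: address = 203.17.167.131 (4)
687: RADIUS: Initial Transmit id 15 203.17.167.4:1646, Accounting-Request, len 126
700: Attribute 8 6 CB11A783
883: RADIUS: Received from id 17 203.17.167.4:1645, Access-Accept, len 55
887: Attribute 8 6 CB11A79B
927: set_ip_peer_addr: As5: address = 203.17.167.155 (4) is redundant
"""

PACKET = re.compile(r"RADIUS: (?:Initial Transmit|Received from) id \d+ \S+, ([\w-]+),")
FRAMED_IP = re.compile(r"Attribute 8 6 ([0-9A-Fa-f]{8})\s*$")
SET_PEER = re.compile(r"set_ip_peer_addr: (\S+): address = (\d+(?:\.\d+){3})")


def find_overrides(log_text):
    """Return (interface, radius_ip, installed_ip) for each session whose
    installed peer address differs from the RADIUS Framed-IP-Address."""
    findings = []
    in_accept = False   # True while reading attributes of an Access-Accept
    radius_ip = None    # Framed-IP-Address from the latest Access-Accept
    for line in log_text.splitlines():
        m = PACKET.search(line)
        if m:
            # Attribute 8 also appears in Accounting-Requests, where it only
            # echoes the address already in use, so track the packet type.
            in_accept = m.group(1) == "Access-Accept"
            continue
        m = FRAMED_IP.search(line)
        if m:
            if in_accept:
                radius_ip = ipaddress.IPv4Address(bytes.fromhex(m.group(1)))
            continue
        m = SET_PEER.search(line)
        if m and radius_ip is not None:
            installed = ipaddress.IPv4Address(m.group(2))
            if installed != radius_ip:
                findings.append((m.group(1), str(radius_ip), str(installed)))
            radius_ip = None  # one comparison per Access-Accept
    return findings


if __name__ == "__main__":
    for iface, wanted, got in find_overrides(SAMPLE):
        print(f"{iface}: RADIUS assigned {wanted}, peer was given {got}")
```
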